Your mission
Risk and Compliance Manager
PNO is looking for a Risk and Compliance Manager! In this position you will play a crucial role in ensuring that PNO Group operates in a compliant and risk-aware manner. As a company operating in 9 countries in Europe, this will be quite the challenge.
Your primary goal will be to establish and maintain a robust framework that promotes effective risk management and regulatory compliance throughout our organization.
The R&C Manager will report to our CFO/CEO.
The Risk and Compliance Manager will have the following accountabilities:
Strategy, Policy & System Development
- Develop, together with senior management, a comprehensive strategy that aligns with the company's business objectives and risk tolerance.
- Create and update policies, procedures and systems in accordance with regulatory changes and best practices.
Risk Management
- Identify, assess, and prioritize risks across various business functions.
- Implement risk mitigation strategies and monitor their effectiveness.
- Provide regular risk reports and analysis to management.
- Prepare the management review for information security.
- Stay updated on relevant laws, regulations, and industry standards.
Incident Response and Investigation
- Develop incident response plans and coordinate response efforts in case of RC-related incidents.
- Conduct investigations into compliance violations or breaches.
Certification
- Management of the ISMS of all ISO-certified PNO Group subsidiaries.
- Management of the certification calendar.
- Setup and coordinate robust internal auditing cycles.
- Assist entities with initial certification, check-ups and external audits.
- Ensure groupwide alignment and compliance with certification processes, audit standards and best practices.
Regulatory & Legal
- Monitor PNO Group's compliance with laws and regulations (in collaboration with the legal department).
- Monitor the shutdown, follow-up and execution of NDAs, as well as their central archiving.
- Ensure that PNO Group complies with data protection laws and regulations (GDPR).
- Monitor the organization's data processing activities to ensure they adhere to relevant legal requirements.
- Provide guidance and advice to the organization, its employees, and its partners regarding data protection matters.
- Conduct DPIAs for high-risk data processing activities.
- Work closely with the organization's IT team to ensure that appropriate technical and organizational measures are in place to protect personal data from breaches and unauthorized access.